XScreenSaver Local Password Disclosure Vulnerability
BID:17471
Info
XScreenSaver Local Password Disclosure Vulnerability
| Bugtraq ID: | 17471 |
| Class: | Design Error |
| CVE: |
CVE-2004-2655 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 11 2006 12:00AM |
| Updated: | Dec 07 2006 03:29AM |
| Credit: | The original discoverer of this issue is currently unknown. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 SGI ProPack 3.0 SP6 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Jamie Zawinski XScreenSaver 4.17 Jamie Zawinski XScreenSaver 4.16 Jamie Zawinski XScreenSaver 4.15 Jamie Zawinski XScreenSaver 4.14 Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN |
| Not Vulnerable: |
Jamie Zawinski XScreenSaver 4.18 |
Discussion
XScreenSaver Local Password Disclosure Vulnerability
XScreenSaver is prone to a local password-disclosure vulnerability. This issue is due to a flaw in the application that may result in the screen-unlock password being passed onto other applications that are already running on the computer.
This may disclose the password used to unlock the applications. The login password is typically used to unlock XScreenSaver, so this issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running RDesktop on the locked computer, due to the interaction between the applications. This may result in the disclosure of the login password across the network. Other unknown applications in conjunction with XScreenSaver may result in a similar issue.
Version 4.14 and 4.16 are vulnerable to this issue; other versions may also be affected.
XScreenSaver is prone to a local password-disclosure vulnerability. This issue is due to a flaw in the application that may result in the screen-unlock password being passed onto other applications that are already running on the computer.
This may disclose the password used to unlock the applications. The login password is typically used to unlock XScreenSaver, so this issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running RDesktop on the locked computer, due to the interaction between the applications. This may result in the disclosure of the login password across the network. Other unknown applications in conjunction with XScreenSaver may result in a similar issue.
Version 4.14 and 4.16 are vulnerable to this issue; other versions may also be affected.
Exploit / POC
XScreenSaver Local Password Disclosure Vulnerability
Attackers use standard applications and network sniffers to exploit this issue.
Attackers use standard applications and network sniffers to exploit this issue.
Solution / Fix
XScreenSaver Local Password Disclosure Vulnerability
Solution:
The vendor has released version 4.18 of XScreenSaver to address this issue.
Please see the referenced vendor advisories for more information on obtaining and applying fixes.
Jamie Zawinski XScreenSaver 4.14
Jamie Zawinski XScreenSaver 4.16
Jamie Zawinski XScreenSaver 4.17
Jamie Zawinski XScreenSaver 4.15
Solution:
The vendor has released version 4.18 of XScreenSaver to address this issue.
Please see the referenced vendor advisories for more information on obtaining and applying fixes.
Jamie Zawinski XScreenSaver 4.14
-
Jamie Zawinski xscreensaver-4.24.tar.gz
http://www.jwz.org/xscreensaver/xscreensaver-4.24.tar.gz -
Mandriva xscreensaver-4.14-4.1.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva xscreensaver-4.14-4.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva xscreensaver-extrusion-4.14-4.1.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva xscreensaver-extrusion-4.14-4.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva xscreensaver-gl-4.14-4.1.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads/ -
Mandriva xscreensaver-gl-4.14-4.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/
Jamie Zawinski XScreenSaver 4.16
-
Jamie Zawinski xscreensaver-4.24.tar.gz
http://www.jwz.org/xscreensaver/xscreensaver-4.24.tar.gz -
Ubuntu screensaver-gnome_4.16-1ubuntu3.1_all.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreen saver-gnome_4.16-1ubuntu3.1_all.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu11.1_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu11.1_amd64.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu11.1_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu11.1_i386.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu11.1_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu11.1_powerpc.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu3.1_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu3.1_amd64.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu3.1_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu3.1_i386.deb -
Ubuntu xscreensaver-gl_4.16-1ubuntu3.1_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r-gl_4.16-1ubuntu3.1_powerpc.deb -
Ubuntu xscreensaver-gnome_4.16-1ubuntu11.1_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreen saver-gnome_4.16-1ubuntu11.1_all.deb -
Ubuntu xscreensaver-nognome_4.16-1ubuntu11.1_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreen saver-nognome_4.16-1ubuntu11.1_all.deb -
Ubuntu xscreensaver-nognome_4.16-1ubuntu3.1_all.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreen saver-nognome_4.16-1ubuntu3.1_all.deb -
Ubuntu xscreensaver_4.16-1ubuntu11.1_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu11.1_amd64.deb -
Ubuntu xscreensaver_4.16-1ubuntu11.1_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu11.1_i386.deb -
Ubuntu xscreensaver_4.16-1ubuntu11.1_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu11.1_powerpc.deb -
Ubuntu xscreensaver_4.16-1ubuntu3.1_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu3.1_amd64.deb -
Ubuntu xscreensaver_4.16-1ubuntu3.1_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu3.1_i386.deb -
Ubuntu xscreensaver_4.16-1ubuntu3.1_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensave r_4.16-1ubuntu3.1_powerpc.deb
Jamie Zawinski XScreenSaver 4.17
-
Jamie Zawinski xscreensaver-4.24.tar.gz
http://www.jwz.org/xscreensaver/xscreensaver-4.24.tar.gz
Jamie Zawinski XScreenSaver 4.15
-
Conectiva xscreensaver-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-4.15-62263U10 _1cl.i386.rpm -
Conectiva xscreensaver-gl-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-gl-4.15-62263 U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-ca-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-ca-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-da-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-da-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-de-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-de-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-es-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-es-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-et-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-et-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-fi-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-fi-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-fr-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-fr-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-hu-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-hu-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-it-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-it-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-ja-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-ja-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-ko-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-ko-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-nl-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-nl-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-no-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-no-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-pl-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-pl-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-pt-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-pt-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-pt_BR-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-pt_BR-4. 15-62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-ru-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-ru-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-sk-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-sk-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-sv-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-sv-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-vi-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-vi-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-wa-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-wa-4.15- 62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-zh_CN-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-zh_CN-4. 15-62263U10_1cl.i386.rpm -
Conectiva xscreensaver-i18n-zh_TW-4.15-62263U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/xscreensaver-i18n-zh_TW-4. 15-62263U10_1cl.i386.rpm
References
XScreenSaver Local Password Disclosure Vulnerability
References:
References:
- ASA-2006-107 - xscreensaver security update (RHSA-2006-0498) (Avaya)
- RHSA-2006:0498-5 - xscreensaver security update (RedHat)
- XScreenSaver Changelog (Jamie Zawinski)
- XScreenSaver Homepage (Jamie Zawinski)